Posted
by
timothyon Sunday January 16, 2011 @08:02AM
from the oh-it's-that-easy-eh dept.

itwbennett writes "George Bronk, 23, has pleaded guilty to charges that he broke into the e-mail accounts of thousands of women, scouring them for nude photos that he then posted to the Internet. How he did it: He searched his victims' Facebook pages for answers to common security questions and then logged in to their e-mail accounts. In one case he persuaded a victim to send him even more explicit photographs by threatening to post the ones he'd stolen if she didn't. Bronk faces 6 years in prison on felony hacking, child pornography and identity theft charges."

No, because producing child pornography and distributing it on the internet is producing child pornography and distributing it on the internet. If a 16 year old girl sends a picture of her tits to your phone you are now in possession of child pornography and in direct danger of having your life destroyed and everyone you know hating you.

16 year olds are not children. That is the most insane part of all of this. Naked pictures of 6 year olds on your phone, sure, those are children at least. A 16 year old is most definitely not a child though.

Give up hope now, save yourself a bunch of turmoil. It won't stop, simply because laws on topics like CP tend to be more powerful than the lawmakers themselves. At this point, I doubt anyone has the political arsenal necessary to "stop this shit."

In some states, the age of consent and child porn statutes have the same age limits.

For instance, a quick read of NV law shows the AOC to be 16. Child porn is defined as sexually explicit blah blah blah involving a person under 16. Federal law makes it a crime with a person under 18, but there may be some state line/interstate commerce nexus that needs to be fulfilled.

I didn't feel like looking at too many states, but found this same AOC/CP thing with NH-16/16.

Many states forbid distributing/exhibiting obscenity to people under 18, regardless of their AOC/CP statutes.

So, excluding the feds, it's not a crime to have sex with a 16 year old or film it. But, she can't watch the tape afterwards. It's a crime to allow her 16 year old friend to watch the act as it occurs, but not a crime to have her join. Neither of them can smoke a cigarette or have a beer afterwards. If either one were to rob,beat,kill one of their fellow particpants, they would be tried as an adult in every state in the country.

Actually, legalize possession of child porn, and step up the penalties for production (or just for child abuse, since using a child to produce child pornography is itself abuse) and purchase/sale. That removes the "weaponry" portion of child porn (if I send you a CP picture, you have committed a crime is a *bad* thing) and makes those who receive such pictures accidentally (mislabeled P2P files, for example) or against their will (as in the sending a picture to your phone example) more willing to openly provide them to authorities as a way to help the producers get caught, as well as making being involved in the financial promotion of the production of child pornography still a crime.

Actually, legalize possession of child porn, and step up the penalties for production (or just for child abuse, since using a child to produce child pornography is itself abuse) and purchase/sale. That removes the "weaponry" portion of child porn (if I send you a CP picture, you have committed a crime is a *bad* thing) and makes those who receive such pictures accidentally (mislabeled P2P files, for example) or against their will (as in the sending a picture to your phone example) more willing to openly provide them to authorities as a way to help the producers get caught, as well as making being involved in the financial promotion of the production of child pornography still a crime.

Back in the early 90s, before the explosion of the web, I used to use AOL. I used to trade in pictures of naked women. Some guys used to send out pictures of their wives. I was 18-19 years old and had no interest in 35-40 year old housewives. I asked one guy if he had anything of someone "younger". Apparently that's a keyword for child porn. Next thing I knew I was getting inboxes full of the stuff, this was also back in the days before broadband so I had some people that I used to automatically share anything I got with before I downloaded it myself. On the first inboxing, I forwarded all of the contents to some of my trading partners. And THEN I downloaded the pictures and saw things that no normal person should ever have to see.

I deleted the jpgs and gifs from my computer, deleted the emails from my inbox, and at that time AOL allowed you to unsend an email if it had not been read. I believe that I was able to unsend them all, but if I hadn't been, I shudder to think of the things I could have been charged with. All because I wanted to see naked 18-24 year old girls...

Actually, legalize possession of child porn, and step up the penalties for production (or just for child abuse, since using a child to produce child pornography is itself abuse) and purchase/sale.

What every politician and journalist in America would hear:

... legalize... child abuse...

Sorry, but no penalty is going to be reduced. The only changes that are ever going to happen in the forseeable future will be increased penalties for whichever specific things are involved in the next few child abuse cases to hit the news. (Oh, you possessed child porn that was produced using a smartphone? That means you get an extra fifty years in jail, because clearly that's more of a deterrent than the 490 years you were already going to get.)

We are no more able to have a rational and objective debate about child pornography than McCarthy was about communism, or the citizens of Salem about witchcraft. This is our generation's moral panic and it is not going to die until we do, so you'd better get used to it.

If it was consensual but statutory rape, maybe they should just jail the "rapist" till the "child" reaches legal age. Then if the now adult "victim" still thinks it's consensual and not rape, the "rapist" gets that charge wiped totally clean.

If the victim changes her/his mind and thinks it's rape or the "victim" is threatened the "rapist" gets the full rapist sentence.

Also, it would open up anyone fully consenting to massive repression by family. If they insist that it was consensual, in many cases, they'll receive counseling tantamount to brainwashing for years. There will be guilt trips and threats of excommunication from the family. She will be made to feel that, if she affirms her consent, she'll be releasing a monstrous sexual predator who will rape someone not so willing next time and she'll be to blame for that girls suffering, etc.

I'm sure everyone here is familiar with the concept of "honor killings". It's not a phenomenon unique to Muslims as many people seem to think. It's a cross-cultural set of attitudes about the importance of a girls "virtue" and reputation and her obligation to her family and society in regards to it. In some places and among some people it's still taken to the extreme of murder for transgressions, but the exact same behavior, just to a lesser degree exists just about everywhere. I've met plenty of fathers of daughters of various ages in the US who are almost psychotically overprotective and who insist, in all seriousness, that their daughters have no sexual relations whatsoever and sometimes that they not date, etc. The behavior is always hypocritical with regards to their own behavior when they were younger and frequently their behavior as adults (with regards to enjoying pornography of young women, etc.). But they seem to view it as an obligation. Feeling protective of your child is, of course, not a shameful thing, but far too many tie such behavior to possessiveness and a form of objectification that denies their children their humanity.

Society in general seems to at least subconsciously share these values. A young woman, whether above or below the various ages of consent/adulthood/etc. who expresses her sexuality in some way, especially publicly, has to be either a victim, or a slut. Generally there is no middle ground, and when there is, it's often given by people who think that she's both a victim _and_ a slut.

So, an underage girl who chooses to have sex before her society says she's ready, whose older partner is arrested and who has a few years to decide whether to re-affirm consent or not, is going to have to spend that time under a lot of pressure. She will, essentially, have to decide whether to call herself a victim or a slut. Whether to be the dedicated family member protected from the outsider, or the prodigal child who shunned her families protection.

Interestingly enough, I've actually met a "slutty little girl" as you described it. She was a friend of one of my nieces several years ago. Girl was ~10, and was....precocious and direct. Very, very, direct regarding what men she found attractive and exactly what she wanted from them (or more specifically wanted them to do to her). It was actually really creepy. She moved a couple months after her and my niece started hanging out though, so I don't know what happened to her in the long run, or any real details as to her background.

I'd never found a girl coming on to someone quite so disturbing though, before or since.

Depending on the level of detailed dialogue you are describing, she may have been a victim of sexual abuse. They may have rationalized that the sexual abuse has positive results. For example, a bad adult does sexual acts, and then rewards the child. The child may associate the act with the result, and try to initiate the act with others for similar rewards.

Most 10 year olds can't carry on an unsupported dialogue of sexual matters. For most (and yes, the average have has been growing younger), they simply have no interest. For others, they've had no exposure. Most (but not all) parents keep their children away from what they perceive as dangers for the childs development, which includes movie violence and sexuality. If the dialogue was beyond what you may see in a R or NC17 movie, you should consider that there is something pretty serious going on. Talk to a professional about it. Ask the simple questions, "This happened. Should I notify someone?" If you have school age children, a call to the schools child psychologist may be helpful, or your local child protective services. The child protective services call may start unwanted actions, but if there is something bad going on, they should definitely be involved.

Most importantly, don't be involved. It's not up to you to investigate such things. Besides tainting evidence, being too involved can be bad for your health (i.e., the bad adult may seek to silence you). Leave investigations up to the experts. For the sake of your safety and mental health, it's better to give the anonymous tip, than to become a witness. If you get too involved, you may become a suspect, rather than just a witness.

Of course, sometimes things can be misinterpreted. When I was in college, my girlfriend and I took a day off to help out her mother, who was a kindergarten teacher. We spent the morning reading to and playing with the little ones, and during the art part of the day, one little girl decided to confide in me that she and her father "do a secret dance when mommy goes to work."

As you suggest above, I knew it wasn't my place to investigate, but that sounded pretty serious, so I told my GF's mother, who immediately went to the principal and school counselor, and they took the girl out to question her right away.

In the retelling later, my GFM said that the little girl clammed right up, refused to talk, until finally, out of exasperation, she explained that her mother is a dancer at a club, and doesn't want her little girl to follow her career path, so she forbids her to dance. At all. But she (the little one) loves to dance, so as soon as mommy goes to work in the evenings, she and daddy put on a record and dance all over the house. Clothes on, no touching.

There are plenty of misunderstandings with children. Years ago, someone I was dating had a son who was about 5 at the time. He refused to take a bath without help. The "help" was standing there waiting for him to wash up. Lots of "wash your face", "no really, wash your face", "wash your hair... with shampoo this time". The door was opened the whole time, and mom could hear exactly what was happening. I wasn't entertained by it. I had better things to do, like flirt with mom.:)

Girls have boyfriends. They also have female friends. They are not solely keeping these pictures on their hard drives and cameras for personal use (more than likely).

Funny thing about pictures on the Internet: they're trivially copied. Boyfriend copies the picture to his friends (or just one friend), or posts it to a forum: the picture is out, and will live forever on hundreds of 'porn agregators' (lacking a better term), presuming the girl isn't a skag. Likewise, girls are/can be catty: what's stopping them from spreading the nude pictures in a bitter attempt at becoming more popular themselves (thinking it would ridicule the origin)? We're talking about virally social teens, here, not top secret data on government networks: there's literally a thousand and one ways for such pictures to spread to the Internet At Large.

So, in short: it's entirely possible that hundreds of thousands of men and women have viewed, downloaded, etc. child porn and not even be aware of the fact that it is child porn, simply on the basis of "some women look like children and some girls look like women". I recall a couple girls in high school who looked significantly older than 16-18 - and no, I'm not just talking about curves (though that applies too).

It's just like "honest, I thought she was 18, officer!" scenario, except the evidence never disappears and the so-called 'victim' can never grant consent. I would not be surprised if there is legal child porn floating about the internet right now, on "valid" sites which the US federal law enforcement agencies knows about, but allow to exist -so that they can use it as an added charge for someone down the line, if they ned something to vilify them further/want to make sure the charges stick.

It's a US thing. Over there:- You're presumed innocent until proven guilty. Except for terrorism, in which case the rule is "If you were innocent, you wouldn't be a suspect".- Sexual assault is a horrendous crime. Except if the perpetrator is wearing a TSA uniform.- The Constitution stops the government from abusing it's authority and power. But only as long as the government agrees.- Infringing copyright on music steals copyright holders of thousands of dollars. Except for the music industry, they only steal 60 cents per song from artists.- Child Porn is illegal in order to protect victims of child abuse. Unless if children willingly make and send pictures of themselves, in this case they're not victims but vicious pedophiles. So vicious, they abuse themselves!- You're too young to drink beer at 21 but you're old enough to die for your country.

No I think OP was referring to the notion of a fair and balanced justice system that applied the law to everyone instead of the one we have now which consists of "lets throw everything we can dream up at the guy and see what sticks".

After all, it wouldn't be the first time a teenage girl was accused of child pornography for taking pictures of herself and posting them online. Not that I agree with THAT one, either.

"Choose the more obscure questions that only you and your family know the answers to."

Or better yet, use an answer that is totally unrelated to any of the security questions. If one of the security questions is: "what high school did you attend?" a good answer would be aZ333addkwe467. Just need to keep track of it like you do your passwords. These things are usually only used when you forget your password, or as in this case, someone is trying to gain access to your account. Since you rarely would need

I can't believe that no one blames the online services for requiring and using security questions as a security measure(!). This is such an insecure practice that I'm just baffled from the so much widespread use of it!
Theoretically, security questions could be used as an ADDED security measure and be marginally effective at that, but in most times you can't know exactly how your answer will be used, so the sane response would be something like kashiqewnchkdhsflakjshflvkdsvhpexiojnasdjlna.

Theoretically, security questions could be used as an ADDED security measure and be marginally effective at that, but in most times you can't know exactly how your answer will be used, so the sane response would be something like kashiqewnchkdhsflakjshflvkdsvhpexiojnasdjlna.

Hey! How did you know my response?!

Seriously, when I'm required to give an answer to one of these I just use my regular password generator to create another password for the site, then use that. "What was your first pet's name?" "w8ZRjky

They probably don't check for meta tags in your post. Probably just script tags. Personally, I don't think comments should allow posting of any HTML whatsoever (make everything escaped, so tags show up as regular text), simply because there's too many ways to make things happen on a browser, even without javascript enabled. As this example clearly illustrates. Just imagine if it had been and image tag of one of the images from the article. Or if the the redirected page contained the content. We'd all ha

Ditto here. The redirect is inside a comment! ITWorld apparently allows too much HTML inside comments, and some comment-spammer figured that out and embedded a meta-refresh tag in a comment. It very effectively hijacks the ITWorld page from inside the comment.

NoScript blocks the redirect if you have itworld.com blacklisted (I didn't initially).

I've used a blog CMS called Pivot that allowed limited HTML but was VERY effective - like 100% effective - at stopping comment spam. Why the techniques it used aren't an industry standard might spark a lively discussion somewhere.

The NoScript extension has an option on the Advanced tab, under Untrusted: Forbid META redirections inside NOSCRIPT elements. Do you have that option enabled? It's probably a key factor to whether NoScript blocks it or not.

It'll eventually cycle away from the insurance blog to a NY Times Ad, and the Times itself (if you've registered in the past), and in all cases removes Back button functionality. Just and FYI if you're inclined to test NoScript against it (FAIL).

This is exactly why usually the "security question" in most places is such a poorly-thought idea: usually they only allow you to select from a limited set of questions, and usually all the questions are such that it's easy to either guess the answer, check on the user's facebook/IM/etc, or just try from a list.

It's much better when you can specify the question yourself. And even better: big, bold letters explaining to the user NOT to fucking choose a question/answer pair that is easily guessable or obtainable from their online profiles!

The problem with most non-sensical answers as they are still vulnerable to dictionary attacks. In fact almost any security question has this critical flaw. There is just no way of making it safe, except by instructing users to never answer the asked question and instead insert a secondary strong password.

Facebook is guilty as well - I have a choice of 4 questions - name of 1st grade teacher - can't remember - city or town mother was born in - too obvious - last 5 characters of driver's license - okay question probably - street you lived on when you were 8 - not appropriate for me. Why can't I choose something better than this?

Facebook is guilty as well - I have a choice of 4 questions - name of 1st grade teacher - can't remember - city or town mother was born in - too obvious - last 5 characters of driver's license - okay question probably - street you lived on when you were 8 - not appropriate for me. Why can't I choose something better than this?

Why can't you just put something largely arbitrary as the answer to any of those questions that you don't have good answers for? "Who's your first grade teacher?..."

you know Facebook doesn't make you set a security question right? Its optional, I however find it ironic how it says a security question makes your account more secure.more access methods == less security

For facebook, account security == not losing access to your account. Thats why it asks me to add multiple cell phone numbers,etc.. so that I can recover my password.They would prefer that someone gets access to my account, and then I am able to recover my access to it, rather than I forget my password, and my FB account goes inactive/disabled

The whole concept of 'security questions' is completely flawed for things such as email or facebook, even if you can choose the question and the information isn't posted on the net.

Private questions to which you would know such an answer would also be most likely known by your relatives - for example, your mother definitely knows her maiden name, but that doesn't mean that she should have an easy time reading your email. Funny details about your childhood would be known by your spouse, but if you're undergo

The whole concept of answering such questions correctly is flawed. Once you're born in Hobbiton and your mothers maiden name is Goose they become quite a bit harder to guess. Such constructed 'alter egos' make the security questions much less dangerous while still maintaining some recovery capacity.

Or they could just use a password saving program on their computer, and generate unique, secure passwords for each site they visit, as well as random answers to the "security" questions. They're safe as long as they don't have a virus/keylogger on their computer. In which case they are hosed anyway. I think most people should just run their browser from a virtual machine which resets itself every time they use it, save for a few key files like bookmarks. I wonder if an easy to use product like this exis

I have a single word that I always use for security question answers. It has nothing to do with any of the questions, so in that respect should be more secure because even someone who knows me well couldn't guess answers and gain access. I don't have to surrender additional personal info on myself or others (mother's maiden name, father's birth year, etc). And I always know the answer, no forgetting.

And someone like the guy from TFA couldn't get any nude pics of me, not that he wouldn't stop at the first

For a regular password that is true for obvious reasons, but I don't believe so for security questions. Making the answer to a security question not even guessable is more secure. Those like the guy in TFA know the great majority of people answer those questions truthfully, probably based on some expectation that the info would have to survive some kind of verification. That is the most likely attack vector, read the article and that is what it says because he looked for common answers to those questions

I'm confused as to how this works. On most sites, answering the secret questions correctly allows you to reset the password, which is then mailed to the e-mail address on file. How does this help in obtaining the password to an e-mail system? Is there an e-mail system out there that is so brain-dead that it allows you to re-specify a password as a reward for merely answering the secret questions correctly? If so, which e-mail system?

Every time I come across a page that requires me to use a passphrase that's at least 8 characters long, contains numbers, special characters and preferably something that could only be typed on some obscure keyboard layout 10 people on this planet use, I feel kinda good.

That feeling instantly vanishes as soon as they also want some "security verification" in case I forget my password. And then you get to read things like:

It wouldn't be difficult for Facebook to automatically reject (or at least warn you about) status updates that contain strings which match either your password or the answers to any of your security questions. At least force the user to think about it.